2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65

Analysis

max time kernel
600s
max time network
569s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2024, 22:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0.exe
Size

55KB
MD5

1e682d91b86e5d1059496ef5c9404a83
SHA1

b997c212dee402190a4fe7562fa68f565c084711
SHA256

7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0
SHA512

e00e985da0097f7f743c82ab46b09e5c4b9c6aa03c7f28310a23ecc1167b5c4a21cf4490c6081c201e962ba830acaa04ef11eb40f4e1451a2d0e199e84e2d130
SSDEEP

1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVD6ANyCa:wwshK8yMexbW9vJVD6ANs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709134041079456"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
384	msedge.exe
384	msedge.exe
4104	chrome.exe
4104	chrome.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
2612	chrome.exe
748	identity_helper.exe
748	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe
1916	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1916	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 4804	384	msedge.exe	93
PID 384 wrote to memory of 4804	384	msedge.exe	93
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 1256	384	msedge.exe	94
PID 384 wrote to memory of 744	384	msedge.exe	95
PID 384 wrote to memory of 744	384	msedge.exe	95
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96
PID 384 wrote to memory of 2640	384	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0.exe
"C:\Users\Admin\AppData\Local\Temp\7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd2f9f46f8,0x7ffd2f9f4708,0x7ffd2f9f4718
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1360 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2900698002152367565,6279049636828388246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0xf4,0xf8,0x124,0x7ffd1e2dcc40,0x7ffd1e2dcc4c,0x7ffd1e2dcc58
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,17347575325504740934,13554919988752829142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1800,i,17347575325504740934,13554919988752829142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,17347575325504740934,13554919988752829142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,17347575325504740934,13554919988752829142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,17347575325504740934,13554919988752829142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,17347575325504740934,13554919988752829142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4704,i,17347575325504740934,13554919988752829142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5124,i,17347575325504740934,13554919988752829142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,17347575325504740934,13554919988752829142,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:2612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3460
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1896 -parentBuildID 20240401114208 -prefsHandle 1836 -prefMapHandle 1752 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3074373f-b164-4071-8996-36ca4a0e7d67} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" gpu
    3⤵
    PID:3124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2348 -prefMapHandle 2208 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a29f8790-c181-4f41-9ade-4cb529011fb8} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" socket
    3⤵
    PID:456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 3324 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3af3eb7-0f0c-4546-9621-2c8597928f5f} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" tab
    3⤵
    PID:5232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4316 -childID 2 -isForBrowser -prefsHandle 2836 -prefMapHandle 2828 -prefsLen 22693 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46bb5361-a884-488a-85ef-64633a9d724f} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" tab
    3⤵
    PID:5828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4448 -childID 3 -isForBrowser -prefsHandle 4456 -prefMapHandle 4460 -prefsLen 22693 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38386487-df61-446c-b477-14cafa76a5d9} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" tab
    3⤵
    PID:5840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4664 -childID 4 -isForBrowser -prefsHandle 4676 -prefMapHandle 4680 -prefsLen 22693 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59f38f68-ba89-4f1b-ae00-3a26afb86e3d} 1916 "\\.\pipe\gecko-crash-server-pipe.1916" tab
    3⤵
    PID:5852

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5224
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:5244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:2160

Network

DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

240.143.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.143.123.92.in-addr.arpa

IN PTR

Response

240.143.123.92.in-addr.arpa

IN PTR

a92-123-143-240deploystaticakamaitechnologiescom
DNS

69.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.31.126.40.in-addr.arpa

IN PTR

Response
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.178.4:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.178.4:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CN7nygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.178.4:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgTCbg1GGMrBnbcGIjCdbDjXaR8PGqB3CUiZ6qnDJkWDho8Z8r7EJ2xxOwFACIdjMUUhGUaF5IQLehnMNdUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

chrome.exe

Remote address:

142.250.178.4:443

Request

GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgTCbg1GGMrBnbcGIjCdbDjXaR8PGqB3CUiZ6qnDJkWDho8Z8r7EJ2xxOwFACIdjMUUhGUaF5IQLehnMNdUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
host: www.google.com
x-client-data: CN7nygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

227.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.179.250.142.in-addr.arpa

IN PTR

Response

227.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f31e100net
DNS

4.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.178.250.142.in-addr.arpa

IN PTR

Response

4.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f41e100net
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

location.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

location.services.mozilla.com

IN A

Response

location.services.mozilla.com

IN CNAME

prod.classify-client.prod.webservices.mozgcp.net

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
DNS

location.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

location.services.mozilla.com

IN A
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.187.238
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.155

a19.dscg10.akamai.net

IN A

88.221.134.209
GET

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

firefox.exe

Remote address:

88.221.134.155:80

Request

GET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Tue, 10 Sep 2024 17:43:11 GMT
ETag: 09372174e83dbbf696ee732fd2e875bb
Content-Length: 491284
Accept-Ranges: bytes
X-Timestamp: 1725990190.00063
Content-Type: application/zip
X-Trans-Id: tx002125be83834990a4b97-0066e2d168dfw1
Cache-Control: public, max-age=113702
Expires: Tue, 17 Sep 2024 06:09:20 GMT
Date: Sun, 15 Sep 2024 22:34:18 GMT
Connection: keep-alive
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.209

a19.dscg10.akamai.net

IN A

88.221.134.155
GET

https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip

firefox.exe

Remote address:

142.250.187.238:443

Request

GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip HTTP/2.0
host: redirector.gvt1.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

142.250.187.238
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:820::200e
GET

https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb

firefox.exe

Remote address:

35.190.72.216:443

Request

GET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/2.0
host: location.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
te: trailers
DNS

prod.classify-client.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN A

Response

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
DNS

r1---sn-aigzrnsr.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1---sn-aigzrnsr.gvt1.com

IN A

Response

r1---sn-aigzrnsr.gvt1.com

IN CNAME

r1.sn-aigzrnsr.gvt1.com

r1.sn-aigzrnsr.gvt1.com

IN A

74.125.175.38
DNS

prod.classify-client.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN AAAA

Response
GET

https://r1---sn-aigzrnsr.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=194.110.13.70&mm=28&mn=sn-aigzrnsr&ms=nvh&mt=1726439322&mv=m&mvi=1&pl=24&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com

firefox.exe

Remote address:

74.125.175.38:443

Request

GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=194.110.13.70&mm=28&mn=sn-aigzrnsr&ms=nvh&mt=1726439322&mv=m&mvi=1&pl=24&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com HTTP/1.1
Host: r1---sn-aigzrnsr.gvt1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cache-Control: public,max-age=86400
Content-Disposition: attachment
Content-Length: 14485862
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "1d3918c"
Server: downloads
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0
Date: Sun, 15 Sep 2024 20:36:34 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Vary: Origin
DNS

r1.sn-aigzrnsr.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1.sn-aigzrnsr.gvt1.com

IN A

Response

r1.sn-aigzrnsr.gvt1.com

IN A

74.125.175.38
DNS

r1.sn-aigzrnsr.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1.sn-aigzrnsr.gvt1.com

IN AAAA

Response

r1.sn-aigzrnsr.gvt1.com

IN AAAA

2a00:1450:4009:17::6
DNS

155.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.134.221.88.in-addr.arpa

IN PTR

Response

155.134.221.88.in-addr.arpa

IN PTR

a88-221-134-155deploystaticakamaitechnologiescom
DNS

238.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

216.72.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.72.190.35.in-addr.arpa

IN PTR

Response

216.72.190.35.in-addr.arpa

IN PTR

2167219035bcgoogleusercontentcom
DNS

38.175.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

38.175.125.74.in-addr.arpa

IN PTR

Response

38.175.125.74.in-addr.arpa

IN PTR

lhr48s38-in-f61e100net
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.169.3
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.169.3
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.169.3:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 821
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.169.3:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 335
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

3.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.169.217.172.in-addr.arpa

IN PTR

Response

3.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f31e100net
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

216.58.204.78
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.80.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D44%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D44%2526e%253D1

chrome.exe

Remote address:

216.58.204.78:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.80.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D44%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D44%2526e%253D1 HTTP/2.0
host: clients2.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

beacons4.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons4.gvt2.com

IN A

Response

beacons4.gvt2.com

IN A

216.239.32.116
OPTIONS

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

POST /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
content-length: 401
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

78.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.204.58.216.in-addr.arpa

IN PTR

Response

78.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f141e100net

78.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f14�H

78.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f78�H
DNS

116.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.32.239.216.in-addr.arpa

IN PTR

Response

116.32.239.216.in-addr.arpa

IN PTR

e2agooglecom

185.225.19.198:80

7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0.exe

260 B
5
142.250.178.4:443

www.google.com

tls, http2

chrome.exe

1.0kB
5.6kB
9
8
142.250.178.4:443

www.google.com

tls, http2

chrome.exe

1.0kB
5.6kB
9
8
142.250.178.4:443

https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgTCbg1GGMrBnbcGIjCdbDjXaR8PGqB3CUiZ6qnDJkWDho8Z8r7EJ2xxOwFACIdjMUUhGUaF5IQLehnMNdUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

tls, http2

chrome.exe

2.9kB
13.9kB
32
37

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgTCbg1GGMrBnbcGIjCdbDjXaR8PGqB3CUiZ6qnDJkWDho8Z8r7EJ2xxOwFACIdjMUUhGUaF5IQLehnMNdUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
127.0.0.1:58025

firefox.exe
127.0.0.1:58049

firefox.exe
88.221.134.155:80

http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

http

firefox.exe

4.9kB
506.9kB
99
377

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

HTTP Response

200
142.250.187.238:443

https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip

tls, http2

firefox.exe

1.5kB
8.8kB
16
21

HTTP Request

GET https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
35.190.72.216:443

https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb

tls, http2

firefox.exe

2.2kB
4.8kB
19
16

HTTP Request

GET https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
74.125.175.38:443

https://r1---sn-aigzrnsr.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=194.110.13.70&mm=28&mn=sn-aigzrnsr&ms=nvh&mt=1726439322&mv=m&mvi=1&pl=24&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com

tls, http

firefox.exe

432.5kB
15.0MB
7632
10781

HTTP Request

GET https://r1---sn-aigzrnsr.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&mh=R8&mip=194.110.13.70&mm=28&mn=sn-aigzrnsr&ms=nvh&mt=1726439322&mv=m&mvi=1&pl=24&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com

HTTP Response

200
172.217.169.3:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

3.7kB
7.8kB
27
31

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
216.58.204.78:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.80.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D44%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D44%2526e%253D1

tls, http2

chrome.exe

2.1kB
9.8kB
17
23

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.80.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D44%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D44%2526e%253D1
216.239.32.116:443

https://beacons4.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.7kB
8.1kB
24
27

HTTP Request

OPTIONS https://beacons4.gvt2.com/domainreliability/upload-nel

HTTP Request

POST https://beacons4.gvt2.com/domainreliability/upload-nel

8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

73.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

73.31.126.40.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

240.143.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

240.143.123.92.in-addr.arpa
8.8.8.8:53

69.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

69.31.126.40.in-addr.arpa
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

227.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.179.250.142.in-addr.arpa
8.8.8.8:53

4.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

4.178.250.142.in-addr.arpa
142.250.178.4:443

www.google.com

https

chrome.exe

2.7kB
14.1kB
13
18
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
224.0.0.251:5353

chrome.exe

654 B
10
8.8.8.8:53

location.services.mozilla.com

dns

firefox.exe

150 B
153 B
2
1

DNS Request

location.services.mozilla.com

DNS Request

location.services.mozilla.com

DNS Response

35.190.72.216
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
110 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

164 B
175 B
2
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

prod.balrog.prod.cloudops.mozgcp.net
8.8.8.8:53

201.181.244.35.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

201.181.244.35.in-addr.arpa
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

142.250.187.238
8.8.8.8:53

ciscobinary.openh264.org

dns

firefox.exe

70 B
286 B
1
1

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.155

88.221.134.209
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
99 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

88.221.134.209

88.221.134.155
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

142.250.187.238
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
123 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:86d1

2a02:26f0:a1::58dd:869b
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
93 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

2a00:1450:4009:820::200e
8.8.8.8:53

prod.classify-client.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
110 B
1
1

DNS Request

prod.classify-client.prod.webservices.mozgcp.net

DNS Response

35.190.72.216
142.250.187.238:443

redirector.gvt1.com

https

firefox.exe

1.9kB
9.3kB
7
11
8.8.8.8:53

r1---sn-aigzrnsr.gvt1.com

dns

firefox.exe

71 B
116 B
1
1

DNS Request

r1---sn-aigzrnsr.gvt1.com

DNS Response

74.125.175.38
8.8.8.8:53

prod.classify-client.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.classify-client.prod.webservices.mozgcp.net
8.8.8.8:53

r1.sn-aigzrnsr.gvt1.com

dns

firefox.exe

69 B
85 B
1
1

DNS Request

r1.sn-aigzrnsr.gvt1.com

DNS Response

74.125.175.38
8.8.8.8:53

r1.sn-aigzrnsr.gvt1.com

dns

firefox.exe

69 B
97 B
1
1

DNS Request

r1.sn-aigzrnsr.gvt1.com

DNS Response

2a00:1450:4009:17::6
35.190.72.216:443

prod.classify-client.prod.webservices.mozgcp.net

https

firefox.exe

2.0kB
5.7kB
7
7
74.125.175.38:443

r1.sn-aigzrnsr.gvt1.com

https

firefox.exe

2.0kB
5.9kB
7
8
8.8.8.8:53

155.134.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

155.134.221.88.in-addr.arpa
8.8.8.8:53

238.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

216.72.190.35.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

216.72.190.35.in-addr.arpa
8.8.8.8:53

38.175.125.74.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

38.175.125.74.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

132 B
224 B
2
2

DNS Request

beacons.gcp.gvt2.com

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.169.3

DNS Response

172.217.169.3
8.8.8.8:53

3.169.217.172.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.169.217.172.in-addr.arpa
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

216.58.204.78
172.217.169.3:443

beacons.gcp.gvt2.com

https

chrome.exe

2.9kB
6.3kB
5
7
8.8.8.8:53

beacons4.gvt2.com

dns

chrome.exe

63 B
79 B
1
1

DNS Request

beacons4.gvt2.com

DNS Response

216.239.32.116
216.239.32.116:443

beacons4.gvt2.com

https

chrome.exe

2.9kB
6.7kB
5
8
8.8.8.8:53

78.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

78.204.58.216.in-addr.arpa
8.8.8.8:53

116.32.239.216.in-addr.arpa

dns

73 B
101 B
1
1

DNS Request

116.32.239.216.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6af1a221-4537-4bb3-a113-7686d3f42cf7.tmp

Filesize
9KB

MD5
6d60272824a11a2da7496914d927e569

SHA1
5b8bb6665b9d5a004aaf0d2597eb8fa935392e30

SHA256
ebde62b936891ad83a93631529df3dcf48143e099e1486b9ce594ab73afeed55

SHA512
9251e5b3c0e722e0783b96e03742bae552be2fec72e60caf998152c6d9a70884bb9cedb4dcc7d2ef376ff61cdc09e130513ab43f0dfc6911f22bede86d668f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
203a0e54f650dee90ee1b819af1ea876

SHA1
b2258db71aeb871afbf1b5f93b6bb94e5018f00c

SHA256
6b88e718ba32af2d34fb61543e6bd20c8b49f52399b2205702245ac70aebc793

SHA512
9504d51ba1ea8cd1419a54f788830f0b77eb0c7643fc2df77aa2d576c227790bd53ddc4cac8ce42b10fddfe543d0e0380df959327a2090457870ab7451148bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bd0b0f3e7ee1d5dc3c579cc8ac769738

SHA1
c2ee15b57f4b9c4ffa96bf1b21470da3cc3987c7

SHA256
a877b9f0a133614c4ed1305b0bfe86562ee16e9d1715df57c4404261dcb3f432

SHA512
01db806f5894587d3e015ef1b5deb1057b6f1794d16cb7420a99fefdb83f63a07eed19f6c8fd4f7d4f55471cbd37186d20d46a7c3213f52aac02bab17c5b6261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
768d238ade756329609b6527d41fa16e

SHA1
bf0d9f019b7289d95e25f3661a600cd770d774de

SHA256
9b6d9dcb01fa0f7879da96e4497642d25973032bdef3603f96233556f2f83ddf

SHA512
33951631d485a430a220e9e591974ab9b61320b5e6f95c903a1d446371cb4d75b32e4990eceb178cee86086dd19afece6530345753f594677e56537907b7ecc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c262ddb784f71e5b89659756fa07a118

SHA1
a2a8f8491afe6387eeeb039f9d139f0fb9b95052

SHA256
a8eff35dacfd706b384b5c7e240a039a87f645eca536d0756da3fed988cfa577

SHA512
1bdc22ffddd91fb8941de62ee08e6e02278cc5aa0b32e25612e29e173743919215a02322f6dd0f495e758814d53845e465efb87f33926907a1d9fb16bcf17c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7180003bbcd794daca2ace312f74c741

SHA1
eb4cd348007d930655faf6b90858826906f0c532

SHA256
4c2af3a65516ec6ae3017848da2d7d81d3754b627db19be90522967a8dfad57c

SHA512
aa5e28a550c46067f98ce118cc0cf09a816d25391436ef522887bc04188a908952ae6047a90242f527a735697a1467ff90fc4def6110ab263f5dd8b272db2278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab8ca79f88a4642c11b63a1b2467ee9f

SHA1
ec07b819663a2b6b0799f9f597a9863f3ed06f7e

SHA256
dfeaeb59627f4d8b71a87110294894f99e49abcf4a49cd89c434cbfdce1b4a18

SHA512
e5a48b4ce622467d42fb381c31dee78477efd73561a095e1d66ea8a2426b455528f475b5131d076e48282d7c0945774ff083553f48cf433f5e1da00b8bff015b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc503d3b898fda73d665cf2a99af7602

SHA1
094ff095664c07acfdcbcb827e9106759382646f

SHA256
f86336489921dc7122cc05df77c4cd41d2b9765d8587747ee312049fb48805bc

SHA512
db17df37c4858dba200b90a1f09adb69527d3f7640a7d747f38fdbb254b8fa1daf67e62cba3c3e050e5ee982964fcb4ed5433b2c2643e53eae86c542e9a91814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88696e8f37bb271e793ae0b882ecc204

SHA1
5264a8f2862259d87572613bd31c5f4f6727482c

SHA256
a0e12b49bc7e59fed0a1d114e283f0a6a3d867b869c9cde8a940414413e4ddcd

SHA512
db1fa1ab87fa7e37758be5e581e2d8069cb6e2a6b368e0954f1bd7184b0f1c173a8cf1b107045f67c68c2adf370324bde3a34459b5036365c14fd619d5e2a358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
825377d1c254a36f71bd2e753d877f5e

SHA1
de1604bb2f1ed3b856b2b20be44448f49d0c3bb6

SHA256
9c6c92264c6e2cdd437387072436d25a24874dc9138ee67848098ac19fb9b4e7

SHA512
bba59d4963b63d8575ffe05ed5efa047a9b39fb9a0ce56192aa6461546731437f44149526044e0e7c83f8b5bfa6179a1d412f34d5b4be109a5a018b8066a7f41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc124d20c8cc1d198fe103bd5744d156

SHA1
176387094de60fa7cad58f232c88aae90af40792

SHA256
51b0af4cbd2b292e8b4dbd2e02602d15e39aa92c4483c3caf94e269db82f25a7

SHA512
8e63cfb0cfe5078ef3d2d74f38789900e80e5f2fedfb9fd0b439987c2b45c5b99479c9ad1fbad537e96b527a952436aa095d1cdd8c2727aeca642b25c442d909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7bfe1142db152738bcab9234c53e70b3

SHA1
8f68b460827311d9feddbce7dc5690ca5d5e9a25

SHA256
fc1ba3512c98906dc1f06b66c508423c67ff82e95e922522e8e5493b751fee31

SHA512
a51aa003bd829281ab0072048d5a8d04e02c7eb67ee6c2c3efaf18537aec8498acebff198875f47aa19f1ccd341b12c0df81e833b191907cd03989864df18595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a7f977fdf21664a9a2521676cbf04bc

SHA1
1bf0c4c2355e6f84c6ad1832be51730be730834f

SHA256
8db403a667767f574c16cee32386fc15cf9828166f302d66988a567b4acc3659

SHA512
3f6a3f795515c80a5486b85486efcd39b2b2e785506512e75a496acf2ce30a4cf085b4ebf231bef2cad8eaa15f7b6e7ade65ebb3b8b4005accc2444b9d8ec2ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae480b29037285952b82435b095aeb1d

SHA1
584c02b935e08555230cc08c4038483f78a2d2ce

SHA256
c74cca86d5f1084e36c49c6eb2661b649a144c620af6d8e88a41b276324b23c8

SHA512
f8edbdba77bbecf4f632a4591fd58aae0786f141aa0a724c5083f931f4a7d636be11ba3dade0e37ae7bb011349d2f2cbec0ea460e005f4fca8d1e62e454b74ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9aac08dabd481d1c853865e9fbe395ee

SHA1
e65e75e9af79b12f668daa43d240d57b52c19728

SHA256
c434bc0b783b43ecfc63c59e4b06dfa7d6205edcfbbe8c87ea8c0be6fcfca961

SHA512
902869f89ac6b9a9e59eabfea855553a699b6ccba5d7122be8f34907932bdca33acfb6bf92e64c652c03daf2f8d749aef06f7e8936d25056b9d679458054d2b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6be8ceb2b11eb53da6287916961d5e73

SHA1
b753fa03775babad4f70d5735fc9901ce40e1f3c

SHA256
24da61db9e1d8a802be9a2306fe20560d70fc7afee22516970a818687ac53477

SHA512
86745fcddf8141a950991da152c3a9337832b062a664f195666b8a2db33f2595b9fd168c858cdd4a9d6f01b05e1753ca2d87ac6c9991ecfc2cef80e6c7da4824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a10a24511bcfe7d8f5f67f6aaafec1dc

SHA1
a0252332764f00522da8a33ebc963d0c952a6510

SHA256
507b139dc57cc60ddd9825f2dbaaa1970fa69fca7a5e2294f33c5eddda4902b0

SHA512
5cab54619c2f7318d5ebcecc29a8aae1f1dc7416f6023a586ee8039a194262df6aeb113a3483f8d77f9d60ed5262a27d22af3ce71dfb090106d9c05b5a4c4924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9b25d70b2b265dc8a66616592a25d4c

SHA1
78ca4ffd0dad8a14ae71484dc17baf7a3b510c9a

SHA256
9f3d21485029ad315040bd12ce1f408911de29cc9764438e29b8f7af07aedc5a

SHA512
2d92852f2fc85c78c2f3340b034bfafaac00736d8389cb86aec900f94e3225efcc8f113f81852abf6ecbe31e19e143ad9ec76d9536bb81543eff3f49521481ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
526c790045fff20fd1f12064115fa800

SHA1
8816fff387d73595c3dd56398c53e2609f49a6c9

SHA256
53a228c5573d4e50c150f6b07dad09bd9f86339de90fabb3f06969de6b990943

SHA512
25e7ec89df25d7b81bf5d3bd985e6d917f21039c1f4e8780663f93af946f4d3754e9d4f816038e9851fa23ce86a4c3b674b2669d677b53b14f0d55034b8ddab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6267c3532f78a2a34c042c9f44a3d37

SHA1
bdab0c769eeecd411b77f986197655b93206fe21

SHA256
8967b34e855424c07e9b79427faf02dd65cc09a89579749ec008102964b27e50

SHA512
51d1e8b6e8ac3b0e77e88fce476e286f16fc2a398ec0b8ee648c225b3ecd9b452dfd8ae0eb6574bb7ec7fff9734d289ee6108a607f121897718814efde4a4407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c0e6a1ae8b0c35a9243c11e23ab96a2

SHA1
9f2ca49b54d0be55bfcef4d29810de54a957e78f

SHA256
b1323cab10a250c9c23794895821d520206450a444ba38d1486ee82b510ba843

SHA512
b69e1a6a619f678dfb3a83cc945f8dfccbfa3279233c46ae56227c01e1c0db4a9cdb675e86c3175527127fd8ad560baa0dab37ee616a8e72bb458f77c9e536e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3157b63b73c85e469158b02fdc925872

SHA1
bbe795a2f4ee329d2223b6d76e7fcdee131ad22d

SHA256
a20a18dc2a8150f76b5ee6193c71ce4b912f5881349b28595931fad77f726d10

SHA512
4ff4f9647d80c729b270296fdec65f13c6ec72474b805081a36e7a38fb5e6519dc2c1e0398085c27eceb1eea84d884d98dc7d9c17eb6cffeea20673254baca89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc015912bee46f7cf74d315e7bdd5fcf

SHA1
63231611cbe3e060a262cc7ec672333b977ae2a7

SHA256
31b7ab34bc8a507cd129de1c4e984d2b9ab4bd0fdbe8aafbc7213a2d854a6e9e

SHA512
bf7b9faac70c79e802eab0de59f76c356044e934e78b20b9cc8a7bd25567f998cfbe9200ec2395d3d6037948d0d48f8273bd851102ac14c47de960a23cb3d110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e271c73e183f91cddae3d45d1832fdac

SHA1
8bcf8d5086875f65177b2c11c3c048e4c7104488

SHA256
f5cbe4d4e0a5700816fcd16c5e8859ecc9354a79989a110b1ab634262102fa32

SHA512
9de71e797d49c0c5c816636d81856a91f69bf6f6b2f718061d3b579f87206a311fc4d84fe3a94bf8340fd8e320eff151df7592c8d614961ed153faea05493ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b7f029d2e3a65398d627587dc329a69

SHA1
43389f92a7f637c697ee3c43db30192b50c5a5c4

SHA256
41574866af459e4056fbcc5ba864a7ff274d73ff2705ea238579a655316ed3fd

SHA512
f1a99826250d93687e74c3c01e4d2ec9c522e5bd12fc4d1db53d50dd82e7911d1e68edf07e73d0160d52fafc2b4a4dd6e816e798bcc4db3a5ed5b4e0514895d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b0e189ef893248c3ff6169b250f3602

SHA1
be33ae26156684d56316289bd70410d3de9047ac

SHA256
3fe8522682e137fb56083b6bc3555b4eca0014ec9517e9f19e0574fbbbb270ee

SHA512
e4d3986319d46ad66492e95d81e312f1e133434f6fd7afef3826985d4017fd80b3d65cc11386ddc908bb8e0f2a2f3201e3c83b9f0ca4b098df6132da00ebc1c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
49c957a40022fd8aa1370375dcbf2014

SHA1
85c2d844b7bce08be8d631bdb3c292da6cf2ad7a

SHA256
d1b004e426cdf2678273c16096f01c91b17c26404121ed097a985eeda4f4aa76

SHA512
fcfced1c38a2163c6d932d7b484f82f00fdfc2f0faeec13f5a0e5b0472b536af963317252ba4ecbdcc898fb3e3c62299c89471e4b43fc22b7af02083d5f73c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d465f866470fa838820604d2b055e656

SHA1
6850ce60a5a1492a0b9ec3ec2fac23feae3d8b66

SHA256
081a454c6c4aa0498b41ef35506e3ea6f436abd8a1790dbc3a5a24eeac46446f

SHA512
b85c723872d23fed9994553373c45791428f21817384155d15f297d85a47a852ae68e016b20dfd821a376652c3fb9436e60693f4d2f0aef0055fdb134ea6eb3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2278f0c8e9a784138b2b51a672827c6d

SHA1
913dfe90c2b621b0366cb35e3bc2e9b0b468acff

SHA256
3420c8d4e5e058bca87579e94d726f6887747bffe3ac0b8266f69c9082fc10f8

SHA512
9a270831b17c6fa43ef5128498d7f2d803d97f37931271fa37535977feae143685578c642a32dda49ccc1e55b8f82b5435e859fd2322e42001d4950c0f41f39e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25ca99b9402ddfaa34b2ada11b0196fa

SHA1
840d875e602a267b032667261cf854757bc167af

SHA256
3e3f9ea892d72e56bab8f42cb043a14894acc5e85cfd319054a38c6e63ea58c7

SHA512
e93cff5424122e9bb95c39fa5c7d269490ae4ab4689411e6bcad52de4e66e50772d85c728d28634c34e87dfd2437c8c5ba4c0b90f4ec72d8303e7efd620681dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
165efea977c753ffb45756f3f340a37c

SHA1
020c18116c312b052bc660dc221df83042eaacb5

SHA256
4ae1e6682e9589374cf6f167bf067e2c6d1dcc5b3cc1a20134ecccce5c4caec3

SHA512
43e732a4758da24589a93291debbb2a76eed9897629e863d15026df458f5006a88e346a46c1e2883d6c05d9e20167bb670122be9c5bf121715866e3277d1add6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e9bd8ed64ee9b6bcbc745d05dc53e53

SHA1
c9101e67ba5d8dc72197f23b273afd15c8fc1553

SHA256
87fb16f3598da09a1a51eab43f2379b136df28b9f2984d9d899a640d796dc1e6

SHA512
9cfa8791aa4e7a740b5c33127bd9844f0fd31cf6358e7f87a0193188ea188e452f014c3bd825690433cd4fab8aa8ac55732667624f8c6547421c23588624fa54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b7153dfdb561491524372112f0b3bee

SHA1
37cfed6bdcae1cbdace172495db77718f92980bc

SHA256
ec4e83d84ed9bdcd922acc277439797d5605beb84bdce3bfd7a652869dd74d2f

SHA512
b98326a4a8b0599e0eb3da51bb466413f093b38eef7f5982604862490f55c19bc7fbf50e7d2b181e1ff5283580ac6d6e648ebe5e655e1e682eedf10a855caddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4404eaf11702edbd9c0ec3cd84ca495d

SHA1
2245c77a7fdedf159a3b2af5a66070e6294e02cb

SHA256
59a9a867d0663f589361a3812e09bb038b2f36f34b7f5ca4148e14ded6246e80

SHA512
9e9ae1bb7a375da4eb9947937e838c8e26378224b04ebebbbf2ffd5d64cce90fd74aba3b2575a8bb9023ebb8f3b474c7cc8318e9baeeca57a186f4c86dc07b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b02daf4118d1b48e858d426e593dcf9

SHA1
1c27f06408854289a20543b6a764a9460d725ff6

SHA256
fdd6a0e76d3f3ed471224e1ccab4dbc39ddce0552b45924a33b2a77eda179cf8

SHA512
8484e2283c38ac8791daa9847c34b5a182326815989df794c1795ba1f168cde7b28ee3b1513e822d8482ee9362de4d840a3fba45ae3eeedc971908ebe05e48fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bcd3d49af042d541490d555256dce0a5

SHA1
c40b26a06ad415489b25f5ede0c2aa611f545c3f

SHA256
60f3c400aa21cca860f711e4f9a3f0f375016f9c0e5b2d27d502fc5b53169170

SHA512
6e21253dfc37fb4976fe9c6410a435a18a5ad9cc2319a123e59e283d4de5a82a9e763eeed275c661b1f616689879c69e6b303a27a6c12f4ebc80a1b6a412e424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
451fc00e9780b4736099e1e5bd7f24a9

SHA1
86e6abdd3b4efe284d0e431c1a2fd980318c11f0

SHA256
f47b429966278e036347a14fffc31958beefe94c74f55f395caaa746a6b1ca6b

SHA512
6914fc5fd517813497eef0f6bc15fd890bb4739c8d87d93e46ebebf0b9c2dae7ab9b564d5f47457c3056a9fe43bab1a61f6bc4656474a1add7c3f5647023ea3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a91ffdcf4527b7b6ef8cfa25c7b4862c

SHA1
c6b2004868e9162af2ee67be2ede072acdfa3d81

SHA256
b8efdeb32c24b000b2f3a6fecfee94453c58ccfa6336e314318b9919893736cd

SHA512
ec22d6547a86135fa05c53de6e3b8577bbf0b087aad7aaf82f71b3c23dfc13dd6f38d1af8ed799cd07f84e3fa3a03897ce20d446f0a16bd59b6d1453dc82739c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
12c7bb83ed7eab46c6138fae8b6685cf

SHA1
85c224a6009e4542467c7cce73a704749d3342b6

SHA256
015feec125721139303af0cd18878b7ea2fe19402f02e7d4f7a9cccc23ad4225

SHA512
df8082d9accdce6919cf39c0326dbd80f7fd36135c1339ce091d29f4b9d77ebddf53b6071cd7001573f0194d2a4c8a7dcff64b46ec1671e2f8b76c8f58883246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ab137f2ba13c9648c27ef4ff94daac44

SHA1
345b805c71286ab7fe2d78141ff122cf0c8f8363

SHA256
34d6420341790b64881ffe25d5f6ade02ebe7821032e2d65f6cd9c2458bf06d9

SHA512
6ff06dfef3b6e9b42f31ac89dc19bf654a943e77d12307edb5ff10f4ee6ea047fc7ded23dcafd7538549416b478bac8a7a74777a8e76a8bd3479e94ce01de278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
42615972e057efd50736a01c15aa2357

SHA1
a6f75479bd9decead663993ca83873edcae8b302

SHA256
b9e08184ba5eacada74fd4fd900a6639db7ab2f2437d80916f77812f447627fc

SHA512
6058f325b7f87629eb9e79d7e8c5494547099b32c3d4912e264305b4c87c963ec8b036f68558a0fb99c9c09c7f46b8a13b77623f86c4e3659ccda4ef49b52bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
77caeb1c11489fc5769e308d358fc7cb

SHA1
30926fc068c28d8d9e2469205d8a269b4c56bb17

SHA256
03c28fa393a4216bbdc32709ca7071ef83d0483afd6942f921776c283f4a2c7f

SHA512
1ed340361495fcb53042bed53c809053470a88a48e5821fc1ffcd850758ea299cb90ef5e9c45b10cb32c80c23105133573fc89a311387c747593020877c2d51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c84fb0499469ae563e3b9e6470463249

SHA1
6252e998fb1fa1364d5ba39c3e7876ccbbe23cb5

SHA256
8abe477712152a62bfd32c775f96f07fa9714e4d4a121cc6bc89f639c05a8870

SHA512
3d79b3ca1b76cfff05b052d0dbf7bf6e148c32c428cf539b0d4fd9a3d28b1fbe57f1bc4da9f88faab6f8baaa918861092233f24bfed5eedf983357694c151580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
90fe60d5499af23970ac1cb97b0b502e

SHA1
b96e53d604bcc8349d233b2967ae5b9f280127ed

SHA256
0f7d7c476b83fe2f824d2a40e54a5654eb2ffb53835da04a5f6b975dc2bf00f3

SHA512
2ebd282f0c2072e931de840182d8d2af495005ba41402eb8a32002c96027642566189c6569db11433622e9d9029de9375fb70b4fe135e942f7bc4983e2425956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d3f2d0e282ff6f22beeb0cfacc66120d

SHA1
d3fc0ca3d865a55a572cc73291f4ad18a7798a27

SHA256
14e39fd66587cf94cf9c27930da5dbf79151dd94286b7e1eced5da29afee6130

SHA512
d88af2790c393e8dcf79fd083ebe946f557377c8bf89eb6be8cd919cb96eb1d08c3bce23a86df1a4e037b0b449696fd100811cd663f6c2f68653c2812539c261

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
8KB

MD5
5b7d701a7dda8e08a5b797c6950fec5e

SHA1
2d64e9ca26965399f4b64119ae628b2f4f2c5ab1

SHA256
b15f68efc85a1741aece1ca89d7990b7d7472fccfe511ed39daba422f6293ab4

SHA512
7db06abc7e77c7b14181374fb1d069919ba6c8576764d148a6465b5bf735ff6e64eb7856248185f4b86575d6d3c29314a3e41218566150a5d6860af7b078a5ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\bookmarkbackups\bookmarks-2024-09-15_11_wUK5TEQYvTGYbASR1WCBIQ==.jsonlz4

Filesize
1005B

MD5
30a638f369cb0fbd95846ab9dfe99a6c

SHA1
186d7655cd86bc89362d38e2c4e82c3d8799c0bd

SHA256
24cd27348053b701020e7c4f3423cb6660f4b78cab4cfd7a6165558e660a3d2b

SHA512
e8486811137d2b99077e4c388a699df88c11a03e54c441845bb241b2ce0673be2098e2e39d0308c4ac89ad3e158ff48fd0b953ba8e46a08ee37833fea011500a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
12KB

MD5
f59de5d7fac2d9340db7055fd868705e

SHA1
b52cbd5eb1042a37e944977cf41eae479b95437d

SHA256
1d1e0029bade260ed063ec63bdf825d772f3a1242fe6aab83c08062a081fd21d

SHA512
6f6eb39944f4fcf4eb2a4a3c414ed9efc0eb66daa5f932010dd62c8a1ae5fd580ea8559b9f9d0c9e233cbf2a211783634ee3cfc1fcee7c0e31f019107b32f060

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request